Rooted, this was quite a simple box to be honest, maybe because recently I did an easy box using same approach
Foothold: Enumerate what you’ve found, and understand versioning. Search for vulnerabilites. There are several tools in the Web, personally I’ve used the very same of an easy box done recently that allowed reverse shell (that needed to be improved) as user g**
User (?): Using classical enumeration tool found interesting credentials that at first glance didn’t appear to be useful, but experience of recents boxes suggested to investigate further and actually I could use them (password reuse is a bad habit). Managed to grab user hash (even though I was not that user, that was odd). At this point I was a little confused as I thought that I reached the goal, but I realized that I needed to try harder.
Root: With some google-fu managed to free my self and obtain what I needed. Decided anyway to do a step further and complete escalation process.
Thanks for the box!